The present invention relates to computer architectures and more particularly to computer architectures with encryption.
The avionics of conventional military and commercial systems is such that multiple embedded systems, i.e., radar, electronics, electro-optical and others, are federated into a platform avionics suite that will be distributed throughout the airframe to facilitate flight of the vehicle and improve the operation of the subsystems. In a modern military platform, disparate security classification guidelines control the dissemination of information from each of those systems, and the external communications to other platforms and services. These systems are connected in contemporary enterprise, sharing and combining the information for exploitation by the platform and its operator. These weapon system platforms operate in a mode known as “System High,” even though the majority of information used is unclassified. “System High” is a level that is at least as high as the highest level of information available to the environment. Access to the stored results of any mission must then be manually downgraded to the level of the end user, which is predominately that of a service member without any clearance. Even the use of government validated Cross Domain Solutions is limited by the ambiguity of the information to be released.
The primary approach to comply with DoD Instruction 8500.02 Information Assurance (IA) Implementation and the corresponding 8510.01 DoD Information Assurance Certification and Accreditation Process (DIACAP) is to demonstrate the control of information by documenting its flow such that the three primary requirements of 8500.02 are fulfilled. These primary requirements of Confidentiality, Integrity, and Availability are intended to ensure that the intended user and only the intended user has timely access to the unmodified information based upon its sensitivity and need to know. In the past, physical isolation, a time consuming and expensive process was used for this purpose. With the explosion of information technology and proliferation, logical isolation was proposed for isolation of network information traffic, using Common Internet Protocol Security Option (CIPSO) and Common Architecture Label IPv6 Security Option (CALIPSO). The use of COMSEC encryption with High Assurance Internet Protocol Encryptor (HAPIE) devices also provides isolation of network traffic. These approaches do not satisfy the requirement of fine-grained security where a large community of users need to share information of various levels of security without allowing an individual insider threat to expose information and place everyone at risk.
Hence, a need remains in the art for an inexpensive security solution for environments ranging from integrated avionics to Global Enterprises where identity and privacy can be maintained.